SUCCESS!! :-) .... I think I've done this right.

Thanks again Pascal! You were right -- the problem basically was that
the pppd and chat executables were not in the path of the user. So I
appended that directory to the user's path and left the setuid to root
attribute turned on (also tried again without the setuid root and it
didn't fly.)

In order to make it secure so that the ppp-on script wasn't readable by
the user I removed read access from that directory (/etc/ppp). The
start-ppp and stop-ppp files are just links and they are in a user
readable dir -- /usr/local/bin. But there's nothing in that dir that
shows my isp logon password. Those scripts (ppp-on, ppp-off) are all in
the /etc/ppp dir --- which are now not readable to the user but still
executable via the link by the user.  I figure this is pretty secure --
no?

BTW, I'm using RH also -- 5.2

best,
Jamie

LENGARD Pascal OCISI wrote:
> 
> yes, sure.
> your  ppp script is able to connect you when you are root and it does not
> work when you are a normal user.
> so the problem is coming from the differences between both accounts.
> it could be PATH and other parameters, but it is surely again a problem
> of  rights (chmod is to be used there).
> 
> start-ppp is surely using some other scripts/programs and i am pretty
> sure one of them is not executable to non-root users.
> i don't have this start-ppp script (i'm running redhat), so this is time
> to debug and tweak things yourself.
> edit this ppp-start script to look what it can be using.
> for each script and executable verify it is useable to ordinary users
> (have a look at "chat" is it executable to ordinary users ?)
> 
> i did make it work on a slackware distrib once, but i used a different
> method: i wrote a wrapper to ppp-start which was setuid root so that all
> the commands are run as root user. maybe you could do this too (there is a
> security issue though since if someone is able to hack your ppp scripts he
> will be granted root access to your whole computer so it must be done in
> very careful ways)
> 
> pascal
> 
>  -----Original Message-----
> From: JF [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, April 20, 1999 3:06 AM
> To: LENGARD Pascal           OCISI; Linux Newbie list
> Subject: Re: setuid problem
> 
> Thanks Pascal for the pointer. This setuid must be some really arcane
> stuff.  Well, maybe only cuz I'm a newbie to linux. Anyway, in
> implementing your chmod advice the "must be root to run pppd since not
> setuid-root" message went away when running start-ppp (pppd) from the
> non-root user account, but it won't finish executing and won't dial.  A
> modem light blinks and then nothing. When I go back to root start-ppp
> (pppd) still runs just fine. I need to enable a regular user for this.
> 
> I'm sure you're right that I do need a good unix book. I have 4 linux
> books so far and none have anything on setuid. So I'm still searching
> for a good ref on the subject. But meanwhile, is there something else I
> can do to enable the user to run start-ppp?
> 
> thanks again!
> 
> LENGARD Pascal OCISI wrote:
> >
> > read the PPP-HOWTO all is explained there.
> > (the command you need is chmod u+s /usr/sbin/pppd)
> >
> > maybe you should also read some UNIX book to understand how the user and
> > group rights are granted.
> >
> > pascal
> >
> >  -----Original Message-----
> > From: JF [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, April 15, 1999 1:59 PM
> > To: [EMAIL PROTECTED]
> > Subject: setuid problem
> >
> > Hi,
> >
> > I need to be able to start my ppp dialup from a non-root user account.
> > When I run start-ppp as a user I get "must be root to run pppd since not
> > setuid-root."
> >
> > What does this mean?  And, how can I set it up so a user can run the
> > dialer?
> >
> > thanks,
> > Jamie Faunt

http://www.pacificnet.net/~faunt/
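
Added example, not part of the original thread: removing the read bit from a directory only blocks listing it; while the search (x) bit remains, a file inside can still be opened by name if the file's own mode allows it. The script below audits that for a directory such as /etc/ppp. The function names are illustrative, and it assumes the user in question is neither the owner nor in the group of the files, so only the "other" permission bits apply. Run it as root or as the directory owner.

```shell
#!/bin/sh
# Audit which files in a directory an "other" user could read by name.
# Assumption: the user is not the owner and not in the owning group.

# Print the three "other" permission characters of a path, e.g. "--x".
# -L follows symlinks so the target's mode is reported, not the link's.
other_perms() {
    ls -ldL "$1" | cut -c8-10
}

# Print every regular file in directory $1 that "other" users can read.
# Listing being blocked (no r on the directory) does not matter here:
# what matters is the directory's search bit plus the file's own r bit.
exposed_files() {
    dir=$1
    case $(other_perms "$dir") in
        ??[xt]) ;;            # search bit set: names inside can be opened
        *) return 0 ;;        # no search bit: nothing inside is reachable
    esac
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        case $(other_perms "$f") in
            r??) printf '%s\n' "$f" ;;   # file itself is world-readable
        esac
    done
    return 0
}

# Stand-alone use: sh audit.sh /etc/ppp
if [ $# -gt 0 ]; then
    echo "directory mode for others: $(other_perms "$1")"
    exposed_files "$1"
fi
```

A shell script must be readable by the user who executes it, because the interpreter opens the file with that user's permissions, so a script holding a password cannot be both runnable and unreadable for the same unprivileged user.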
